[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] How to: Turn off a reporting for broadcasts to ..*.25 5

To: "'Paquette, Trevor'" <TrevorPaquette@metronet.ca>, fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.25 5
From: Bourque Daniel <Daniel.Bourque@loto-quebec.com>
Date: Mon, 3 May 1999 14:14:16 -0400

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Correct me if I am out of my ligue but...

If my network is a subnet class B network: 190.35.0.0 with netmask
255.255.248.0

190.35.16.255, 190.35.17.255 are valid workstation address.  The broadcast
address id 190.35.23.255



-----Message d'origine-----
De: Paquette, Trevor [mailto:TrevorPaquette@metronet.ca]
Date: 3 mai, 1999 14:03
À: fw-1-mailinglist@lists.us.checkpoint.com
Objet: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.255



May want to make this a FAQ:

We had a need here to disable logging for all broadcasts
going to anything ending in *.*.*.255

The problem was how to get FW-1 to do this..

Here is the trick:

1) Create a new network object called BC-ALL
2) Give it the IP 0.0.0.255
3) Give it a netmask of 0.0.0.255
4) Comment: Broadcasts to *.*.*.255

Hit OK. The system will say: Warning: Net mask invalid.. IGNORE this.

Insert a new rule in your rulebase, with:
Source: Any
Dest: BC-ALL
Service: Any
Action: Reject
Track: Blank

Done.. You'll never see any broadcasts again using that rule.

Note: This assumes Class A, B and C subnetting.
This will NOT work for VLSM (Variable Length Subnet Masks)


> -----Original Message-----
> From:	tpellowski@iscvb.com [SMTP:tpellowski@iscvb.com]
> Sent:	Monday, May 03, 1999 9:43 AM
> To:	jdschn@ibm.net; fw-1-mailinglist@lists.us.checkpoint.com
> Subject:	RE: [FW1] Reporting applications for Checkpoint logs
> 
> 
> SecureIT has a pretty good reporting program. I know it offers those
> reports
> that you had mentioned.
> It is also possible to write some Perl and also do imports to Access
> databases and use M$'s graphing wizard.
> 
> Tom Pellowski CCSE/SA
> Information Systems Engineer
> 
> 
>  
> 
> > -----Original Message-----
> > From:	John Schneider [SMTP:jdschn@ibm.net]
> > Sent:	Monday, May 03, 1999 11:34 AM
> > To:	Firewall-1 Mailinglist
> > Subject:	[FW1] Reporting applications for Checkpoint logs
> > 
> > 
> > Greetings,
> >     Thanks to the many of you who contribute to this list.  Do any of
> > you know of products
> > that would run on either the NT or RS/6000 versions of Checkpoint and
> > improve the
> > reporting capabilities?  The Checkpoint logs contain quite a bit on
> > information, but not in
> > a very readable form.
> >     Some of my customers want reports that answer questions like:
> > 
> > 1) who are my top users (in terms of number of bytes transferred, or
> > connections)
> > 2) what are the top sites that were connected to (by node name or URL)
> > 3) are any users going to objectionable sites (not active blocking
> > required here, just a
> > way to search against names like "XXX" or "adult" appearing in the site
> > name)
> > 
> > It is possible to write perl scripts and so on to do this stuff, but it
> > should not be necessary.  Does
> > Checkpoint itself give you anything like this?  I can't find it if it
> > does.
> > 
> > If you have any scripts of your own you could share, I would be very
> > grateful.
> > 
> > Thanks for any input.
> > John Schneider
> > 
> > ***********************************************************************
> > * John D. Schneider       Email: jdschn@ibm.net
> > ***********************************************************************
> > 
> > 
> > 
> > 
> >
> ==========================================================================
> > ======
> >      To unsubscribe from this mailing list, please see the instructions
> at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> > ======
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.255
Next by Date: [FW1] CVP and User Authentication
Prev by thread: Re: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.255
Next by thread: RE: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.25 5
Index(es):
- Date
- Thread

RE: [FW1] How to: Turn off a reporting for broadcasts to *.*.*.25 5

RE: [FW1] How to: Turn off a reporting for broadcasts to ..*.25 5